WHAT IS RIGHT TO REPAIR AND HOW DOES IT AFFECT MEDICAL DEVICES?

Pros and Cons of proprietary information to buyers to repair your products.

Right to Repair (RtR, R2R) is a movement by consumers and repair shops to have Original Equipment Manufacturers (OEM) make available normally proprietary information of their products, as well as provide any necessary tools and spare parts. This can range from password access to a smartphone’s firmware to the use of diagnostic computers. Product owners can make their repairs or updates without resorting to OEM-approved outlets.

Bills for RtR are overwhelmingly proposed at a state level. The products involved vary per bill; e.g., tractors, restaurant ice-cream machines, medical PCs, etc. This post covers medical devices like ventilators and imaging scanners.

Patient Safety Comes First

Nader Hammoud is a biomedical engineering manager and member of the California Medical Instrumentation Association. He may have summed it best the differences of when medical devices go down versus commercial products like a smartphone: “If you don’t get that device up and running in an hour or two hours, that patient will die”

This opinion was echoed by FTC Commissioner Rohit Chopra. “During the FTC’s review of this [Right to Repair] issue, we heard about hospitals worried that they would be unable to fix a ventilator because a manufacturer was seeking to deny access to repair it. Outages caused by repair restrictions like these can make the difference in times of emergencies.”

Both proponents and opponents of RtR state patient safety is their priority. Pro group United States Public Interest Research Group revealed 80 percent of biomedical equipment technicians are not allowed service medical devices on-site because of OEM restrictions. The situation was worse in rural hospitals which saw delays stretched out to weeks for service.

OEMs have a different take. They stress the complexity of their products, and the importance of them being repaired by authorized technicians. As an example, they point to Independent Service Organizations (ISO) Tenacore and Avante Health Solutions. Both had made changes to one or more devices without the OEMs’ authorization. This led to major issues with the devices resulting in at least one death.

Government Regulation (and Lack of)

Medical devices are highly regulated by the government. But there is no federal body that regulates ISOs. The FDA in fact doesn’t really know how many ISOs can be found in the US.

ISOs say they don’t need regulation. They point to their relevance based on a 2018 FDA report that opines the “continued availability of third-party entities to service and repair medical devices is critical to the functioning of the U.S. healthcare system.” Also, R2R advocates claim the FDA’s only “real” form of regulation is licensing the production of medical devices. It’s then up to the buyer how they’re used.

This includes repairs. As Gay Gordon-Byrne, Executive Director of the Digital Right to Repair Coalition, states: "The common arguments made by these planted pieces start with the premise that the FDA regulates repair -- which is does not. ... The FDA regulates the production of products and CMS (Center for Medicaid and Medicare Services) and TJC (The Joint Commission) regulates care facilities. Hospitals are in charge of how they maintain and repair their equipment -- and not the OEM. Independent technicians are hired for their skills and expertise, and not off the street in the manner of a paving crew."

Medical device OEMs take exception to the arguments. The Advanced Medical Technology Association, which represents device makers in the medical group industry, says OEMs are required to service their devices. They have to meet specific requirements from the training of service technicians to the maintenance of service records. Issues with their devices must be reported to the FDA. Finally, the federal agency can inspect OEMs to ensure they comply with these regulations.

ISOs, they point out, face no FDA scrutiny.

Cybersecurity Spotlights Legacy

Cybersecurity in the healthcare field is a big issue. And it looks like it’ll be getting worse before it gets better.

A major reason is healthcare’s continued use of legacy. These are outdated software, hardware, or both no longer supported by their OEMs. According to cybersecurity firm Sensato, more than 40 percent of medical devices can be considered legacy.

Issues from costs, regulation, to the importance of legacy equipment, make it difficult to upgrade to more secure devices. Even medical equipment like medical box PCs, which can provide many modern security features like RFID scanners and Imprivata Single Sign On to verify authorized users, have limits against hackers.